Skip to content

Security: fix RTMP auth rate limit bypass before on_connect#59

Closed
cursor[bot] wants to merge 3 commits into
mainfrom
cursor/application-security-review-bc92
Closed

Security: fix RTMP auth rate limit bypass before on_connect#59
cursor[bot] wants to merge 3 commits into
mainfrom
cursor/application-security-review-bc92

Conversation

@cursor

@cursor cursor Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

Fix RTMP auth rate limit bypass before on_connect. Resolves publish/play callbacks firing inside poll() before client IP registration, which skipped per-IP auth failure tracking (10 failures/60s). Registers remote_addr from the active Server during callbacks via thread-local poll context.

Open in Web View Automation 

View with Codesmith Autofix with Codesmith
Need help on this PR? Tag /codesmith with what you need. Autofix is disabled.

Register client remote_addr inside publish/play callbacks during poll()
so per-IP auth failure tracking applies before the first publish/play
attempt. Adds regression tests for the pre-on_connect race.

Co-authored-by: Alexander Wagner <info@alexanderwagnerdev.com>
@coderabbitai

coderabbitai Bot commented Jul 8, 2026

Copy link
Copy Markdown

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: a266b931-99dd-4446-87a2-28f6018bd5f4

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch cursor/application-security-review-bc92

Comment @coderabbitai help to get the list of available commands.

github-actions Bot and others added 2 commits July 8, 2026 02:06
PR #59 added clear_rtmp_poll_server and set_rtmp_poll_server imports
that rustfmt wants on two lines instead of three.

Co-authored-by: Alexander Wagner <info@alexanderwagnerdev.com>
@AlexanderWagnerDev AlexanderWagnerDev deleted the cursor/application-security-review-bc92 branch July 8, 2026 08:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants